Security Basics mailing list archives

Re: Information Risk - Vulnerability Assessment Checklist


From: rohnskii () gmail com
Date: Mon, 19 Jan 2009 11:12:30 -0700

That's a pretty wide open request, can you focus it down a little?  I don't have much directly on VA, more on audits 
and RA.  You could work backwards from them to create your own VA checklist.  In the meantime here are a few 
possibilities:

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1316072,00.html - Win Registry Forensics Guide

http://www.itsecurity.com/features/it-security-audit-010407/ - 10 steps to create your own security audit

http://www.itsecurity.com/whitepaper/steps-optimal-security-risk-qualys/ - 7 Essential Steps to Achieve, Measure and 
Prove Optimal Security Risk

http://articles.techrepublic.com.com/5100-6296_11-5194734.html?tag=nl.e118 - A holistic approach to vulnerability 
assessment

http://www.windowsecurity.com/articles/Threats-Assets.html?printversion - Threats and your assets - what is really at 
risk

http://www.qualys.com/forms/whitepapers/business_enablement_with_vulnerability_management/?lsid=6501 - Business 
Enablement with on demand vulnerability mgmt

http://blogs.techrepublic.com.com/security/?p=380 - Take this four-phase approach to a network risk assessment

http://www.itsecurity.com/features/risk-analysis-done-right-091307/# - Risk Analysis: Do It Right and Save Money

http://www.version2.dk/whitepapers/9/Printing+Security:+A+Guide+to+Some+Commonly+Overlooked+Vulnerabilities - Printing 
Security: a guide to some commonly overlooked vulnerabilities

http://www.qualys.com/forms/briefs/pci_scanning_requirements/?lsid=7150 - Meeting Vulnerability scanning requirements 
for PCI

http://www.netragard.com/landing-page/index.php - 3 things you must know before choosing a security assessment

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1281564_mem1,00.html - Getting the best bargain on network 
vulnerability scanning

www.ciscopress.com/content/images/9781587053320/samplechapter/1587053322_CH03.pdf  - Ch3 Identifying and Classifying 
Security Threats

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1192540,00.html - Easy hacks still tripping up 
corporate victims

http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1281829,00.html - Checklist: Top five security 
assessment tools

http://downloads.techrepublic.com.com/abstract.aspx?docid=172726 - Preempting data warfare: the art of comprehensive 
vulnerability mgmt

http://www.itsecurity.com/vulnerability-scanning/ - IT Security Vulnerability scanning page

If you are looking specifically for software version and patching vulnerabilities, check out Secunia.  PSI is their 
home tool, I've used it for a year now and it is great.  They also have a corporate version.

Try searching for "Vulnerability Management for Dummies", an e-book published on web by Qualys.

Try searching the "searchsecurity.com" site directly. They have thousands of docs, many probably fit your needs.

I just noticed that there are a lot of Qualys docs.  I'm not associated with them in any way.

HTH

